By Bruce Sussman
Tue | Jan 29, 2019 | 10:58 AM PST

US-CERT issued an alert about a newly discovered vulnerability in Microsoft Exchange 13 or newer.

The full update on the vulnerability is documented by the Carnegie Mellon University CERT vulnerability center:

"An attacker that has credentials for an Exchange mailbox and also has the ability to communicate with both a Microsoft Exchange server and a Windows domain controller may be able to gain domain administrator privileges. It is also reported that an attacker without knowledge of an Exchange user's password may be able to perform the same attack by using an SMB to HTTP relay attack as long as they are in the same network segment as the Exchange server."

Remediation recommendations include:

     •  Disabling EWS push/pull subscriptions
     •  Removing privileges that Exchange has on the domain object

See the complete Microsoft Exchange vulnerability notes here.
